MWC: Researchers Warn Of Femtocell Security Flaws

Femtocell devices may not be as secure as first thought after two Trustwave security consultants said that they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device.

Zack Fasel and Matthew Jakubowski, security consultants with Trustwave’s SpiderLabs, will present their findings at ShmooCon, held 5 to 7 February in Washington.

“Our original [area of] curiosity was whether these devices could be utilised to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 / £157 compared to over $1,200 / £754 for a USRP hardware device plus server costs),” Fasel explained. “After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications.”

Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.

“Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device,” Fasel said. “As the attacker has access to the device, any services the device offers [are] subject to the attacker’s control, including voice, data, authentication and access to the femtocell’s home network.”

In addition, the researchers plan to offer proof that a malicious user could tamper with a wireless device and create a fake tower in order to monitor people’s movement via the identification numbers of their cell phones.

“The cell companies need to focus on the security of the hardware just as much as the software,” Fasel said. “In our findings we noticed a limited concern [about] the security of the hardware. We used this to our advantage to get full root access to the device. This then allowed us understand and modify existing software on the device.

“In addition, cellular technologies (specifically in the case of GSM) employ a weak authentication mechanism,” he added. “This has been known throughout the security industry for several years.”

As for users, there isn’t much they can do, he said.

“Stop using cellular technologies? Other than that, because users can’t stop using cellular technologies, they must trust their cell phone as much as they trust an open access point,” Fasel said. “Use strong encryption on data services and don’t say anything over the airwaves that you wouldn’t assume someone’s listening to.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

18 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

20 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

22 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago